security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

agent: Also evict cached items via a timer. 

* agent/cache.c (agent_cache_housekeeping): New func.
* agent/gpg-agent.c (handle_tick): Call it.
--

This change mitigates the risk of having cached items in a post mortem
dump.

GnuPG-bug-id: 3829
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2018-03-06 16:22:42 +01:00
parent bf43b39c05
commit f060cb5c63
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
agent/agent.h
View File

@ -450,6 +450,7 @@ int agent_clear_passphrase (ctrl_t ctrl,
/*-- cache.c --*/
void initialize_module_cache (void);
void deinitialize_module_cache (void);
void agent_cache_housekeeping (void);
void agent_flush_cache (void);
int agent_put_cache (const char *key, cache_mode_t cache_mode,
const char *data, int ttl);

20
agent/cache.c
View File

@ -258,6 +258,26 @@ housekeeping (void)
}
void
agent_cache_housekeeping (void)
{
int res;
if (DBG_CACHE)
log_debug ("agent_cache_housekeeping\n");
res = npth_mutex_lock (&cache_lock);
if (res)
log_fatal ("failed to acquire cache mutex: %s\n", strerror (res));
housekeeping ();
res = npth_mutex_unlock (&cache_lock);
if (res)
log_fatal ("failed to release cache mutex: %s\n", strerror (res));
}
void
agent_flush_cache (void)
{

3
agent/gpg-agent.c
View File

@ -2398,6 +2398,9 @@ handle_tick (void)
}
#endif
/* Need to check for expired cache entries. */
agent_cache_housekeeping ();
/* Check whether the homedir is still available. */
if (!shutdown_pending
&& (!have_homedir_inotify || !reliable_homedir_inotify)

5
doc/gpg-agent.texi
View File

@ -403,7 +403,10 @@ control this behavior but this command line option takes precedence.
Set the time a cache entry is valid to @var{n} seconds. The default
is 600 seconds. Each time a cache entry is accessed, the entry's
timer is reset. To set an entry's maximum lifetime, use
@command{max-cache-ttl}.
@command{max-cache-ttl}. Note that a cached passphrase may not
evicted immediately from memory if no client requests a cache
operation. This is due to an internal housekeeping function which is
only run every few seconds.
@item --default-cache-ttl-ssh @var{n}
@opindex default-cache-ttl